i am trying to create a login and registration page using php and mysql but i met with some problem.
I reference to this video and the code is below (the code is incomplete, i only did for registration).
So the problem is that when i submit an entry using the register side, my database shows a blank record. I tried various method like
$reg = "INSERT INTO usertable (user,pwd) values ('".$user."','".$pwd."')";
but it did not work and when i did this:
$reg = "INSERT INTO usertable (user,pwd) values ('ABC','1234')";
it worked. What should i do to insert entry using the input text?
<?php
session_start();
$conn = mysqli_connect('localhost', 'root', '1234');
mysqli_select_db($conn,'registeration');
$user = $_POST["user"];
$pwd = $_POST["pwd"];
$s = "select * from usertable where user = '$user'";
$result = mysqli_query($conn,$s);
$num = mysqli_num_rows($result);
if($num == 1){
echo"Username Already Taken";
}
else{
$reg = "INSERT INTO usertable (user,pwd) values ('$user','$pwd')";
mysqli_query($conn,$reg);
}
?>
<h2> Register Here </h2>
<form action="index.html" method="post">
<label>Username</label>
<input type="text" name="user" required>
<label>Password</label>
<input type="text" name="pwd" required>
<br><button type="submit"> Login </button>
</form>
A easy way to know what's full SQL query string the program or you have made.
$reg = "INSERT INTO usertable (user,pwd) values ('$user','$pwd')";
echo $reg
It is better use {} to instead of . to insert variable into a string.
$reg = "INSERT INTO usertable (user,pwd) values ('{$user}','{$pwd}')";
To be sure the POST/GET action target is correct,
For your current code I am not sue index.html can handle it, probably it should be $_SERVER["PHP_SELF"]
To understand PHP String Operators, please refer to
https://www.php.net/manual/zh/language.operators.string.php
I found my mistake. I wrote my php and the register table (together in registration.php) however, my form redirects me to index.html. I copied and pasted my php into my index.php (changed the name) and it worked.
Thanks for those who helped me!
<h2> Register Here </h2>
<form action="index.php" method="post">
<label>Username</label>
<input type="text" name="user" required>
<label>Password</label>
<input type="text" name="pwd" required>
<br><button type="submit"> Login </button>
</form>
Related
I have created php submit button using form action with the intention of just storing a username and school name to be stored in a database using xampp by clicking okay button. I have set the database table to have flds for ID as primary key and AI, username and school set to varchar with max length of 50. The code i have used shown does $con to the DB but only the ID is being send to the DB?? (what have i missed or need to do so that the data inputted can be stored like the ID)?.
<?php
require 'config.php';
$username = " "; //$username
$school = " ";//what school they attend
if(isset($_POST['register_button'])){
$_SESSION['reg_username'] = $username; //Stores first name into session variable
$_SESSION['reg_school'] = $school; //Stores first name into session variable
$query = mysqli_query($con, "INSERT INTO users VALUES ('', '$username', '$school')");
}
?>
<html>
<head>
<title> School </title>
</head>
<body>
<h1> Welcome! </h1>
<form action="index.php" method="POST">
<input type="text" name="reg_username" placeholder="Name" value="<?php
if(isset($_SESSION['reg_username'])) {
echo $_SESSION['reg_username'];
}
?>" required>
<br>
<input type="text" name="reg_school" placeholder="School" value="<?php
if(isset($_SESSION['reg_school'])) {
echo $_SESSION['reg_school'];
}
?>" required>
<br>
<input type="submit" name="register_button" value="Okay">
</body>
</html>
You need to load the post data into your variables before you insert them. The only assignement you did was $username = '';
$username = $_POST['reg_username'];
$school = $_POST['reg_school'];
I have two different tables in MySQL- one that stores account info (usernames, email, password) and one that stores names of classes they typed inside the field box. So basically, once the user clicks "register" they are brought to the page "class_creation.php" where they type their classes- that information is supposed to be stored in the "classes" table inside MySQL after the user clicks the "submit" button. Then the user is directed to a page called "signup.php" where they enter their account info (username, email, password) and the info from signup.php gets stored inside the MySQL table "users". The second page, signup.php successfully stores its data inside the "users" table- however the "class_creation.php" does not store any data inside its table- and everything is empty. I'm not sure if its a connection issue to phpmyadmin? I tried editing the connection file but nothing I tried seemed to work.
//This is the connection file- I'm using it to connect both the signup.php page and the class_creation.php page to the MySQL database. Its called: "dbh.inc.php"
<?php
$servername = "localhost";
$dBUsername = "root";
$dBPassword = "";
$dBName = "loginsystem";
$class1 = $_POST['class1'];
$sql = "INSERT INTO user_classes (class1) VALUES ('class1')";
enter code here
$conn = mysqli_connect($servername, $dBUsername, $dBPassword, $dBName);
if (!$conn) {
die("Connection failed: ".mysqli_connect_error());
}
?>
//This is the backend file I'm using for the class creation page- its called: "class.inc.php"
<?php
if (isset($_POST['submit'])) {
require 'dbh.inc.php';
require 'login.inc.php';
$class1 = $_POST['class1'];
$stmt = mysqli_stmt_init($conn);
mysqli_stmt_bind_param($stmt, "s", $class1);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
header("Location../signup.php");
mysqli_stmt_close($stmt);
mysqli_close($conn);
?>
//And finally this is the "class_creation.php" code, used as the layout file for the textfields
<!DOCTYPE html>
<html>
<head>
<title/>
</head>
<body>
<form action="signup.php" method="POST">
<input type="text" name="class1" placeholder="" />
<input type="text" name="class2" placeholder="" />
<input type="text" name="class3" placeholder="" />
<input type="text" name="class4" placeholder="" />
<input type="text" name="class5" placeholder="" />
<input type="text" name="class6" placeholder="" />
<input type="text" name="class7" placeholder="" />
<input type="text" name="class8" placeholder="" />
<button type="submit" name="submit">Submit</button>
</form>
</body>
</html>
The info typed in by the user inside the class_creation.php page should appear in the MySQL database- but clearly I must be doing something wrong. Any ideas? The signup.php file seems to store its own data just fine inside the "users" table- let me know if you need to see those files as well but I believe the error is some where within these files.
In your class.inc.php, you can do something like:
<?php
if (isset($_POST['submit'])) {
require 'dbh.inc.php';
require 'login.inc.php';
$class1 = $_POST['class1'];
$stmt = mysqli_stmt_init($conn);
mysqli_stmt_prepare($stmt, $sql);
mysqli_stmt_bind_param($stmt, "s", $class1);
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
mysqli_stmt_close($stmt);
mysqli_close($conn);
header("Location../signup.php");
}
I am starting to learn the basics of SQL and PHP codes.
I am trying to create a simple newsletter subscription page. this would require the user to enter their email and submit. That will then get added to my database.
Now, this works well when the HTML and PHP code are separate and the submission occurs but redirects to the PHP page with the echo.
I want to get the message on the same page and I tried merging the PHP code in the page as below
<?php
if($_SERVER['REQUEST_METHOD'] === 'POST'){
mysql_connect("hostname", "username", "password");
mysql_select_db("db name");
$user = $_POST['email'];
$query = "INSERT INTO tablename(columname)VALUES('$email')";
echo "inserted";
}
?>
<html>
<form method="POST" action="" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
</html>
Hoever with this code it just doesnt do anything.
What have am I doing wrong here? Appreciate your expert advice.
There are few mistakes in the code, you can fix them by doing the following:
Save the file as a php file first. For example name it "email.php".
Make the form action="email.php"
Don't write two complete separate codes in the same file, one for php file and the other for html file like you did. You can include the html code inside the php code using heredoc syntax which allows you to include a long html code like the following:
echo<<<_HTMLCODE
<form method="POST" action="" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
_HTMLCODE;
In the query syntax, add $user instead $email because the variable $user contains the value submitted by the form.
Add a code to excute the inserted query. for example:
mysql_query($query);
So your final code will be like this:
<?php
if($_SERVER['REQUEST_METHOD'] === 'POST'){
mysql_connect("hostname", "username", "password");
mysql_select_db("db name");
$user = $_POST['email'];
$query = "INSERT INTO tablename VALUES('$user')";
mysql_query($query);
echo "inserted";
}
echo<<<_HTMLCODE
<form method="POST" action="email.php" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
_HTMLCODE;
?>
I have tried the code above after I added the data of my database on the localhost and after I created a table for the emails and it worked. Here is the edited code with my database access info and the table name in my code editor:
When i opened the table emails in my database, I found the email that I had submitted using the form (your modified code):
(advice: use mysqli instead of mysql)
Please use prepare statements to prevent Sql Injections.
Here is sample code try this.
ini_set('display_errors', 1);
ini_set('log_errors', 1);
error_reporting(E_ALL);
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$connect = new mysqli ("localhost", "root", "usbw", "test");
if (mysqli_connect_errno()) {
echo 'Failed to connect to MySQL:' . mysqli_connect_error();
}
if (isset($_POST['submit'])) {
$email = filter_input(FILTER_VALIDATE_EMAIL, $_POST['email']);
$sql = "INSERT INTO table (email) VALUES (?)";
$stmt = $connect->prepare($sql);
$stmt->bind_param('s', $email);
$result = $stmt->execute();
if ($result) {
$msg = 'Succesfully added';
} else {
$msg = 'OOPS Error Occured';
}
}
?>
<html>
<form method="POST" action="" >
<label>Email:</label> <input name="email" type="text"/>
<input type="submit" name="submit" value="Insert" /> <br>
</form>
</html>
I wanted to make a simple login page using php and mysql database where I have created table members (id, username, password).
When I run my program, it's not entering the if block and directly moving to else block
<html>
<body>
<form method="POST" action="process.php">
Username:
<input type="text" name="username">
Password:
<input type="password" name="password">
<input type="submit" value="Login">
</form>
</body>
</html>
My PHP code is
<?php
include("includes/dbConnect.php");
$username=$_POST['username'];
$password=$_POST['password'];
$username=stripcslashes($username);
$username=stripcslashes($password);
$username=$conn->real_escape_string($username);
$password=$conn->real_escape_string($password);
//query
$sql="SELECT * FROM members WHERE username='$username' AND password ='$password'";
$result= $conn->query($sql);
$row=$result->fetch_assoc();
if($row['username']==$username && $row['password']==$password)
{
echo "Welcome";
}
else
{
echo "fail";
}
?>
Please help me out and rectify my error
P.S. I am new to php code so if anyone would like to give me any advice It will be most welcome
Your second line here:
$username=stripcslashes($username);
$username=stripcslashes($password);
is mistakenly assigning to the $username variable again.
I have an HTML form set up where a user can type in their email address and a password and click submit in order to create a membership, this data is sent to a database. I looked over the code and don't see any issues but the submissions will not appear in the mySQL database. In addition, I have been trying to redirect the user to a page once they have registered by typing in their email and password.
The form code is as follows:
<form class="form-signin" action="signinprocessor.php" method="post" form name ="form1">
<h3 class="muted">moreo</h3>
<h2 class="form-signin-heading">Please sign in</h2>
<input type="text" class="input-block-level" placeholder="Email address" input name="myusername" id="myusername">
<input type="password" class="input-block-level" placeholder="Password" input name="mypassword" id="mypassword">
<label class="checkbox">
<input type="checkbox" value="remember-me"> Remember me
</label>
<button class="btn btn-medium btn-primary" type="submit" name="submit" value="login">Sign in</button>
</form>
Once they click submit they are taken to signinprocessor.php where the code is as follows:
function createUser () {
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("test", $con);
$username = mysql_real_escape_string($_POST['myusername'], $con);
$password = mysql_real_escape_string($_POST['mypassword'], $con);
$sql = "UPDATE members SET username='$username',password='$password'";
mysql_query( $sql , $con );
mysql_close($con);
}
Youre are just trying to create a new user so instead of using UPDATE use INSERT
$sql = "INSERT INTO members(username,password) VALUES('$username','$password'");
1) If you are creating a user, the passwords must be encrypted(hashed) like md5() then use an INSERT statement instead of update like this:
$sql = "INSERT INTO members(username,password) VALUES('".$username."','".md5($password)."'");
2) You didn't call createUser() method.
UPDATE
$mysqli = new mysqli('localhost', 'my_user', 'my_password', 'my_db');
then
$query = "INSERT INTO members(username,password) VALUES('".$username."','".md5($password)."'");
$result = $mysqli->query($query);
for more info visit this link.
Why have I been blocked from asking a question because of this post? It is most definitely in the usual question and answer yet it received 7 down votes. With the deprecation of mySQL and people being forced into PDO or mySQLI it simply is not fair that I be punished for this. I ask that you, the user, up vote me so I can use the site again. Thank you.